Skip to content
Snippets Groups Projects
Commit e93eaff5 authored by Jonathan Kew's avatar Jonathan Kew Committed by Adam Jackson
Browse files

Avoid out-of-bounds read when accessing individual bytes from mask. 

The important changes here are a handful of places where we replace

            memcpy(&m, mask++, sizeof(uint32_t));

or similar code with

            uint8_t m = *mask++;

because we're only supposed to be reading a single byte from *mask,
and accessing a 32-bit value may read out of bounds (besides that
it reads values we don't actually want; whether this matters would
depend exactly how the value in m is subsequently used).

I've also changed a bunch of other places to use this same pattern
(a local 8-bit variable) when reading individual bytes from the mask;
the code was inconsistent about this, sometimes casting the byte to
a uint32_t instead. This makes no actual difference, it just seemed
better to use a consistent pattern throughout the file.
parent d93ec571
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 23 additions and 22 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment